Week 24 in Review – 2012

Recon 2012 Review – Exploit the Magic School Bus to Success – infosecalways.com
Hands down, Day 1 of Recon and the Magic Bus talk by Travis Goodspeed and Sergey Bratus took the show. Great informational and entertaining presentation! I encourage anyone to check out the hardware Travis has developed and his papers if you are into understanding key security issues with the Bus.

F5 BIG-IP SSH Private Key Exposure – packetstorm.foofus.com
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use.

Scanning for Vulnerable F5 BigIPs with Metasploit – community.rapid7.com
F5 has published a patch for this issue, but you can bet that many users will be unaware of the issue, and even those that are aware may not want to take down their load balancer to apply it (applying the fix does not result in any downtime, as stated in the comments below). The private key is likely still on a large number of production appliances and any attacker with access to a virtual or physical appliance can extract the key.

BIG-IP network appliances remote access vulnerability – h-online.com
Networking equipment specialist F5 Networks is warning users about a security vulnerability in its network appliances – including its flagship BIG-IP family of products – that could allow a remote attacker to gain root access via SSH on some devices.

Metadata: The Hidden Treasure – resources.infosecinstitute.com
In this article we are going to learn about the information hidden in documents and files present in the public domain, which could be sensitive from a security perspective, and also how to deal with it.

Directory Traversal Pentest Sheet – vulnerability-lab.com
A lot of people asked us about our directory traversal pentest sheet for a fuzzer or their own scripts. To get some good results you can use the following list with automatic scripts, software or for manual pentesting. This list goes out to all friends, nerds, pentesters & exploiters. Please continue the list and we will update it soon.

IPv6 Sets Stage For New Security Issues, Part II – blog.fortinet.com
What kind of threats can we expect to see targeting IPv6 down the road? Thus far, the comprehensive launch of the new Internet protocol is just days old, and no one has a crystal ball. However, there are a few security issues that we can expect to tackle in the not too distant future, according to Patrick Bedwell, Fortinet vice president of products.

IObit Protected Folder Authentication Bypass – resources.infosecinstitute.com
From time to time I come across various security tools and utilities and sometimes I enjoy analysing them in order to evaluate their effectiveness, especially if they are not given for free. In order to be clear, I am not saying that a free security tool shouldn’t be secure, especially if it claims to be.

Teaching the Security Mindset – schneier.com
In 2008 I wrote about the security mindset and how difficult it is to teach. Two professors teaching a cyberwarfare class gave an exam where they expected their students to cheat.

Tools

mwielgoszewski / jython-burp-api – github.com
Burpy is an ISC Licensed library, written in Jython, Java and Python. Burpy exposes a Jython interface to the popular Burp Suite web security testing tool, as an alternative to Buby for those testers who prefer Python over Ruby.

I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment.

escanner Escalation Pentesting Tool – theprojectxblog.net
escanner is a small tool that helps you thread-scan file(s)/directories recursively for possible insecure file permissions that could result in local privilege escalation due to misconfiguration by the operating system, software vendors or users.

Stiltwalker – dc949.org
Stiltwalker is a proof of concept tool that defeats Google’s reCAPTCHA with an insanely high accuracy (99%). We have released all of our research, code, tools and examples used in the reCAPTCHA domination. You can get the slides here (or here to get the mp3s as well) and the video is at the bottom of the page.

Techniques

Getting Started with GNU Radio and RTL-SDR (on Backtrack) – blog.opensecurityresearch.com
In this blog post I’ll aim to get you at least partially familiar with Software Defined Radio, the Realtek RTL2832U chipset, and provide Backtrack 5 R2 setup and usage instructions so that you can easily get off to a good start.

Using Nmap to Screenshot Web Services – blog.spiderlabs.com
I’ll walk you through installing the prerequisites, then we’ll take this for a test drive by running a penetration testing scenario. For this exercise, I’ll assume that you’re using BackTrack 5.

Parsing Nessus CSV Reports with PowerShell – darkoperator.com
Recently in the Pauldotcom Podcast Paul was mentioning how he uses Awk, cut and other bash tools to process a Nessus CSV report file and format the host output so he could use it in another tool. I saw his command and thought I would do it in PowerShell for kicks, since PowerShell turns each row into an object I can manipulate.

Reverse engineer an obfuscated .Net application – travisaltman.com
Some of the concepts I’ll be covering will be new to some people and may be hard to understand, but others who are familiar with this field will find the concepts simple. Hopefully, no matter what your comfort level or experience, you’ll get something out of this.

Vendor/Software Patches

Microsoft

Microsoft Patches 26 Flaws, Warns of Zero-Day Attack – krebsonsecurity.com
Microsoft today released updates to plug at least 26 separate security holes in its Windows operating systems and related software. At the same time, Microsoft has issued a stopgap fix for a newly-discovered flaw that attackers are actively exploiting.

Today we released seven security bulletins. Three have a maximum severity rating of Critical and the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Microsoft Patch Tuesday – June 2012 – symantec.com
Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing seven bulletins covering a total of 27 vulnerabilities.

Apple, Oracle Ship Java Security Updates – krebsonsecurity.com
There must have been some rare planetary alignment yesterday, because the oddest thing happened: Apple and Oracle both shipped software updates for the same Java security flaws on the very same day.

Trivial Password Flaw Leaves MySQL Databases Exposed – threatpost.com
There is a trivially exploitable vulnerability in MySQL that enables an attacker to gain root access to the database server. The bug, which recently was patched, stems from an error in the way that MySQL and MariaDB handle passwords, giving an attacker a chance of getting root access by supplying any password to an affected server.

CVE-2012-2122: A Tragically Comedic Security Flaw in MySQL – community.rapid7.com
On Saturday afternoon Sergei Golubchik posted to the oss-sec mailing list about a recently patched security flaw (CVE-2012-2122) in the MySQL and MariaDB database servers. This flaw was rooted in an assumption that the memcmp() function would always return a value within the range -128 to 127 (signed character).

Security Vulnerability in MySQL – blog.sucuri.net
A serious security vulnerability discovered in MySQL was disclosed this weekend. It basically allows anyone to bypass authentication and log in directly to the database. We tried on a few 64-bit Ubuntu systems and were able to replicate the issue (it seems that only 64-bit platforms are affected).

Massive MYSQL Authentication Bypass Exploit – secmaniac.com
There has been a new MYSQL authentication bypass exploit released on seclist here: http://seclists.org/oss-sec/2012/q2/493. It is absolutely trivial to gain root access to a MySQL database at this point. Thanks to jduck for the tweet bringing this to our attention.

Security vulnerability in MySQL/MariaDB sql/password.c – seclists.org
We have recently found a serious security bug in MariaDB and MySQL. So, here, we’d like to let you know what the issue is and its impact. At the end you can find a patch, in case you need to patch an older unsupported MySQL version.

256-bit AES encryption broken in SandForce SSD controllers – techreport.com
When SandForce announced the SF-2000 SSD controller family, it touted the controller’s ability to encrypt data with a 256-bit AES algorithm. The previous generation of SandForce controllers did 128-bit AES encryption, but the new chip added a second hardware engine with AES-256 support.
